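def index_account_resources(config, account, region, policy, date):
    """Load one policy's stored resource records for an account and index them.

    Args:
        config: Indexer configuration, handed to ``get_indexer``.
        account: Mapping read for ``bucket``, ``name`` and ``id``; ``profile``
            and ``role`` are optional and default to ``None``.
        region: Region name, used in the S3 key prefix and for the session.
        policy: Mapping read for ``name`` and ``resource``.
        date: Passed through to ``record_set`` with ``specify_hour=True``.

    Required keys are read with plain subscripting, so a missing one is not
    handled here. A record whose ``Tags`` value is absent or null is indexed
    with an empty tag mapping.
    """
    indexer = get_indexer(config, type=policy['resource'])
    bucket = account['bucket']
    key_prefix = "accounts/{}/{}/policies/{}".format(
        account['name'], region, policy['name'])

    # A factory callable is passed instead of a ready session; it is built
    # from the account's optional profile / role.
    # Original author's note: look for AWS profile in config before instance role.
    records = s3_resource_parser.record_set(
        lambda: SessionFactory(
            region,
            profile=account.get('profile'),
            assume_role=account.get('role'))(),
        bucket,
        key_prefix,
        date,
        specify_hour=True)

    # NOTE(review): records is walked here and then passed to the indexer, so
    # record_set has to return a re-iterable collection -- confirm.
    for r in records:
        # Stamp each record with the policy and account it belongs to.
        r['c7n:MatchedPolicy'] = policy['name']
        r['c7n:AccountNumber'] = account['id']

        # Tags are read as a list of pairs:
        #   Tags: [{'Key': 'mykey', 'Value': 'myval'}, ...]
        # which is awkward to search, so they are flattened to one mapping:
        #   Tags: {'mykey': 'myval', ...}
        # `or []` also covers a record that carries an explicit null for Tags,
        # which the `.get('Tags', [])` default did not.
        # NOTE(review): tag keys come from the stored records and become field
        # names under 'Tags'; confirm the index mapping tolerates arbitrary keys.
        r['Tags'] = {t['Key']: t['Value'] for t in (r.get('Tags') or [])}

    indexer.index(records)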
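def index_account_resources(config, account, region, policy, date):
    """Index the resource records one policy stored for an account and region.

    Args:
        config: Indexer configuration, handed to ``get_indexer``.
        account: Mapping read for ``bucket``, ``name`` and ``id``; ``profile``
            and ``role`` are optional and default to ``None``.
        region: Region name, used in the S3 key prefix and for the session.
        policy: Mapping read for ``name`` and ``resource``.
        date: Passed through to ``record_set`` with ``specify_hour=True``.

    Required keys are read with plain subscripting, so a missing one is not
    handled here. Records with no ``Tags`` entry, or a null one, get an empty
    tag mapping instead of failing.
    """
    policy_name = policy['name']
    indexer = get_indexer(config, type=policy['resource'])
    bucket = account['bucket']
    key_prefix = "accounts/{}/{}/policies/{}".format(
        account['name'], region, policy_name)

    def session_factory():
        # Original author's note: look for AWS profile in config before
        # instance role. Both values are optional on the account mapping.
        factory = SessionFactory(
            region,
            profile=account.get('profile'),
            assume_role=account.get('role'))
        return factory()

    records = s3_resource_parser.record_set(
        session_factory, bucket, key_prefix, date, specify_hour=True)

    # NOTE(review): the same object is iterated and then indexed; this relies
    # on record_set returning a re-iterable collection -- confirm.
    for record in records:
        # Custodian bookkeeping fields added to every record.
        record['c7n:MatchedPolicy'] = policy_name
        record['c7n:AccountNumber'] = account['id']

        # Stored shape:  Tags: [{'Key': 'mykey', 'Value': 'myval'}, ...]
        # Indexed shape: Tags: {'mykey': 'myval', ...}
        # The flat mapping is easier to search. A null Tags value is treated
        # like a missing one; the plain `.get('Tags', [])` default raised
        # TypeError on it.
        # NOTE(review): tag keys originate in the stored records and end up as
        # field names under 'Tags'; confirm the index accepts arbitrary keys.
        raw_tags = record.get('Tags') or []
        record['Tags'] = {tag['Key']: tag['Value'] for tag in raw_tags}

    indexer.index(records)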
def report_account(account, region, policies_config, output_path, cache_path, debug):
    """Collect the report records of every policy for one account and region.

    Args:
        account: Mapping read for ``name`` and ``account_id``; ``role``,
            ``external_id``, ``profile`` and ``tags`` are optional.
        region: Region name, used for paths and the policy config.
        policies_config: Policy data handed to ``PolicyCollection.from_data``.
        output_path: Base output directory; account name and region are appended.
        cache_path: Base cache directory; a per account/region file is appended.
        debug: Not read inside this function.

    Returns:
        A list with the records of all policies, each annotated with
        ``policy``, ``region``, ``account`` and the account's ``key:value`` tags.
    """
    account_name = account['name']
    output_path = os.path.join(output_path, account_name, region)
    cache_path = os.path.join(
        cache_path, "%s-%s.cache" % (account_name, region))

    load_available()

    config = Config.empty(
        region=region,
        output_dir=output_path,
        account_id=account['account_id'],
        metrics_enabled=False,
        cache=cache_path,
        log_group=None,
        profile=None,
        external_id=None)

    # A role takes precedence over a profile; external_id is only set on the
    # role path and stays None when the account does not define one.
    if account.get('role'):
        config['assume_role'] = account['role']
        config['external_id'] = account.get('external_id')
    elif account.get('profile'):
        config['profile'] = account['profile']

    all_records = []
    for p in PolicyCollection.from_data(policies_config, config):
        # Initialize the policy execution context so its output is accessible.
        p.ctx.initialize()
        log.debug(
            "Report policy:%s account:%s region:%s path:%s",
            p.name, account['name'], region, output_path)

        if p.ctx.output.type != "s3":
            policy_records = fs_record_set(p.ctx.log_dir, p.name)
        else:
            # S3 output: read records starting one day before now.
            # NOTE(review): datetime.now() is naive local time -- confirm that
            # matches how the stored keys are dated.
            begin_date = datetime.now() - timedelta(days=1)
            policy_records = record_set(
                p.session_factory,
                p.ctx.output.config['netloc'],
                strip_output_path(p.ctx.output.config['path'], p.name),
                begin_date)

        for rec in policy_records:
            rec['policy'] = p.name
            rec['region'] = p.options.region
            rec['account'] = account['name']
            # Tags without a ':' are skipped. Tag-derived keys are written
            # last, so a tag such as "policy:x" replaces the field set above.
            for tag in account.get('tags', ()):
                if ':' not in tag:
                    continue
                tag_key, tag_value = tag.split(':', 1)
                rec[tag_key] = tag_value

        all_records.extend(policy_records)

    return all_records
def index_account_resources(config, account, region, policy, date):
    """Index the stored resource records of one policy for an account/region.

    Args:
        config: Indexer configuration, handed to ``get_indexer``.
        account: Mapping read for ``bucket``, ``name`` and ``role``.
        region: Region name, used in the S3 key prefix.
        policy: Mapping read for ``name`` and ``resource``.
        date: Passed through to ``record_set`` with ``specify_hour=True``.
    """
    policy_name = policy['name']
    indexer = get_indexer(config, type=policy['resource'])
    bucket = account['bucket']
    key_prefix = "accounts/{}/{}/policies/{}".format(
        account['name'], region, policy_name)

    def session_factory():
        # account['role'] is looked up only when the factory is called, so a
        # missing role surfaces at that point rather than here.
        return assumed_session(account['role'], 'PolicyIndex')

    records = s3_resource_parser.record_set(
        session_factory, bucket, key_prefix, date, specify_hour=True)

    # NOTE(review): the same object is iterated and then indexed; this relies
    # on record_set returning a re-iterable collection -- confirm.
    for record in records:
        # Record which policy matched the resource.
        record['c7n:MatchedPolicy'] = policy_name

    indexer.index(records)